eSikker.dk

Vulnerability Detail View
Legend : critical high medium low other
id 43154
Risk other
Family CGI abuses
Category infos
Name Kiwi Syslog Server Web Access Login Username Enumeration
Summary Attempts to log in with valid/invalid accounts
Description Synopsis :

The remote host has a web application that leaks information.

Description :

Kiwi Syslog Web Access is installed on the remote host. The
installed version responds with different error messages when a user
attempts to log in with existing and non-existent accounts. A remote
unauthenticated attacker may exploit this vulnerability to enumerate
valid users for the remote web application.

The installed version is reportedly also affected by a vulnerability
that may allow an attacker to read arbitrary local files by
registering a new application, although Nessus has not tested for it.

Solution :

Unknown at this time

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE NOCVE
Bugtraq 37282
Copyright (C) 2009 Tenable Network Security, Inc.